Jitsi for Windows - Secure Instant Messaging and VoIP

Updated10 August 2016

This guide is no longer being maintained

This content is currently unmaintained and may be significantly out of date. Please do not rely on it.

Jitsi is cross-platform, free and open-source software client that supports Instant Messaging (IM), voice and video chat over the internet. It supports many of the most popular and widely used IM and telephony protocols, including Jabber/XMPP (used by Facebook and Google Talk), AIM, ICQ, MSN, Yahoo! Messenger and the SIP Voice-over-IP (VoIP) protocol. It supports additional independent encryption for IM through the OTR (Off-the-Record) protocol and for voice and video sessions through ZRTP and SRTP.

What you will get from this guide

The ability to encrypt your communications so that even your account providers cannot access the content of your communications

The ability to use different accounts with various protocols (including Jabber/XMPP, SIP, Google Talk, Facebook, and Yahoo Messenger) simultaneously from within one program

1. Introduction to Jitsi

Jitsi is cross-platform, free and open-source software client for Instant Messaging (IM), Voice over IP (VoIP) and video chat. It is compatible with many popular IM and telephony protocols, including Jabber/XMPP, Facebook Messenger, AIM, ICQ, MSN, Yahoo! Messenger and SIP. It provides end-to-end encryption for text chats through the Off-the-Record (OTR) protocol. It also supports end-to-end encrypted voice chat using ZRTP over SIP, though it tends to be somewhat unstable when used in this way.

Important: If you and those with whom you communicate use OTR encryption for text chats and ZRTP encryption for voice calls, Jitsi will protect the content of your conversations from service providers like Google and Facebook. However, these providers can still monitor certain metadata about the conversations you have through Jitsi. Examples include:

The list of users with whom you communicate

The frequency and duration of those conversations

The fact that you are using encryption to "hide" your communication

They can share this information with third parties, including other companies and governments. For conversations where such metadata could be sensitive, you and those with whom you communicate should consider using a trusted, independent service provider for your XMPP/Jabber chats and SIP calls.

1.0. Things you should know about Jitsi before you start

Jitsi allows you to communicate securely through your existing accounts by using end-to-end encryption. This not only makes the content of your communication inaccessible to various third parties, such as government or corporate surveillance platforms, but it also protects your conversations from those who operate the chat services themselves (such as Facebook, if you are using Facebook Messenger, or Google, if you are using Google Talk).

Note: Jitsi was written in the Java programming language. As such, Java must be installed on your computer in order for it to work. Though Java itself does not represent a significant security risk, Java browser extensions are often found to contain vulnerabilities that allow malicious websites to install malware or assume control of your computer. If your browser has a Java plugin installed, we strongly recommend that you disable it.

1.1. Other tools like Jitsi

Jitsi is available for MS Windows, GNU Linux and Mac OS. It can be used to communicate with other XMPP or SIP clients that support end-to-end encryption through OTR (for text chat) or ZRTP (for voice calls). Examples are recommended below:

Step 7.Click[Next] to install Jitsi to the default folder. Alternatively, click[Change...] to select the folder you would like to install Jitsi to.

Figure 6: Jitsi installation destination folder

Step 8.Select shortcuts, settings and associated protocols through the following window and click[Next]. The default settings here are fine.

Figure 7: Jitsi Setup Wizard Addtional Tasks

Step 9.Click[Install] to install Jitsi on your computer.

Figure 8: Installation of Jitsi

Wait while Jitsi gets installed.

Figure 9: Installing Jitsi

Step 10.Click[Finish] to complete the installation process.

Figure 10: Completing the installation process of Jitsi

2.2. Add accounts to Jitsi

Jitsi supports many different protocols and services for chat. The first time you launch it, you will see the window shown in Figure 1, which allows you to add the accounts you want to access through Jitsi.

Figure 1: Jitsi's initial account configuration screen

Note: Both Google Talk and Facebook may require that you change certain account settings before you can access their chat services through Jitsi. To learn how, see the following two sections:

You can use this screen to enter a username and password for each of the services displayed, thereby adding up to four accounts in one easy step. But you must already have accounts on these services to do so. The sections below describe how to set up accounts for various IM and VoIP service providers.

2.2.1. Adding a Google Talk account to Jitsi

As shown in Figure 1 of the previous section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below.

Step 1.Click[File] in Jitsi's menu bar and select[Add new account...] to choose the service or protocol you want to use.

You can now use Jitsi to communicate through the Google Talk account you have added.

Note: If you are using 2-step verification to protect access to your Gmail account, you might see an error like the one shown in Figure 4 when Jitsi tries to access your account. (It will display the same error if you get your passphrase wrong.) To log in using Jitsi, you will need to generate an "application-specific password". To learn how, see Google's instructions.

2.2.2. Adding a Facebook account to Jitsi

There are two settings that you might need to change, on the Facebook website, for Jitsi to use Facebook as a chat service.

Facebook Username

Before Jitsi can connect to Facebook, you must assign a username to your Facebook account. Unlike most Web services, Facebook does not require you to select a username when you create your account, but it does allow you to create one if you wish. You can confirm your username by signing into your Facebook account. Your username is what appears in the location bar of your browser after https://www.facebook.com/ when you view your Timeline or Page. So, if your username is elena.s.katerina, you should see https://www.facebook.com/elena.s.katerina in your browser's location bar when viewing your Timeline. Your username is also part of your Facebook email address (elena.s.katerina@facebook.com, for example).

If you do not have a Facebook username, you can choose one by signing into your account and selecting Settings > General or by browsing to https://www.facebook.com/username. Facebook might require that you verify your account before allowing you to select a username. This might require giving Facebook a mobile phone number at which you can receive a text message. For more details see Facebook’s explanation of usernames.

App Settings

You must turn on Facebook’s “application platform” in order to give Jitsi access to your account. To do this, sign in, select Settings > Apps and confirm that the Apps, Websites and Plugins setting is Enabled.

Note: Turning on Facebook’s application platform opens up much of your Facebook data to third-party application developers. This data is available not only to the Facebook applications that you use, but also to the Facebook applications used by your friends. After turning on Facebook’s Apps, Websites and Plugins, be sure to check the settings under Apps others use. This setting allows you to hide some personal information from applications used by your friends. Unfortunately, Facebook does not offer settings to hide all personal information. As long as the application platform is Enabled, certain categories of data (including your friend list, your gender, and any information you have made public) are accessible to apps used by others. If this is unacceptable, you should disable Apps, Websites and Plugins and avoid using Jitsi with Facebook Messenger.

Once you have chosen a Facebook username and enabled the application platform, you can add your Facebook account to Jitsi.

As shown in Figure 1 of the Add accounts to Jitsi section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below.

Step 1.Click[File] in Jitsi's menu bar and select[Add new account...] to choose the service or protocol you want to use.

Figure 1: Adding a new account

Step 2.Select[Facebook] from the Network list.

Figure 2: Selecting Facebook

Step 3.Type your Facebook username and password.

Figure 3: Entering a username and password into the Add New Account screen

If you have experience running online services, you can also install a Jabber/XMPP server (such as ejabberd or Prosody IM) on your own server and provide accounts to members of a particular community or organization.

Below, we recommend a few services that have a great deal of experience protecting their users' privacy.

Note: Even if you trust your service provider, It is still important that you use OTR encryption to keep your instant messages confidential. So make sure that you and those with whom you communicate know how to use it properly. This is covered in the section on Using Jitsi for secure instant messaging

Creating and adding a Jabber.ccc.de account

The Chaos Computer Club (CCC) hosts a free Jabber service. Their servers are located in Germany. From within Jitsi, you can simultaneously create an account on jabber.ccc.de and add it to Jitsi. This works for many traditional Jabber/XMPP services.

Step 1.Click[File] in Jitsi's menu bar and select[Add new account...] to choose the service or protocol you want to use.

Figure 1: Add new accounts

Step 2.Select[XMPP] from the Network list.

Figure 2: Selecting XMPP

The steps below assume that you do not yet have a jabber.ccc.de account. (If you do, just enter your username and passphrase and click [Add].)

Step 3.Select[Create a new XMPP account].

Figure 3: Creating a new jabber.ccc.de account, within Jitsi, using the Add New Account screen

Step 4.Type[jabber.ccc.de] in the Server box.

Step 5.Choose a username and type it into the XMPP username box.

Step 6.Choose a passphrase and type it into the Password and Confirm Password boxes.

Step 7.Click[Add] to request the username you have chosen.

If the username you requested is unavailable, the registration process will fail, and Jitsi will announce that it: failed to create your account due to the following error: Could not confirm data. You can try again by repeating the process with a different username.

If you do not log in to your jabber.ccc.de account for 12 months, your account will be removed, and your username will be made available for registration by others.

Creating a Riseup.net (Jabber/XMPP) account

Riseup is a collective dedicated to providing secure services for individuals and organizations committed to political and social justice. Their servers are located in the United States.

If you already have a Riseup.net email account, you can use the same account for their Jabber/XMPP service. In order to create an account, you will need two invitation codes from two different Riseup.net members. You can then visit https://user.riseup.net and create an account. Once your account is active, you can add it to Jitsi by following the steps below.

As shown in Figure 1 of the Add accounts to Jitsi section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below.

Step 1.Click[File] in Jitsi's menu bar and select[Add new account...] to choose the service or protocol you want to use.

Figure 1: Adding new accounts

Step 2.Select[XMPP] from the Network list.

Figure 2: Selecting XMPP

Step 3.Type the username for your Jabber/XMPP account on this service.

Figure 3: Entering a username and password into the Add New Account screen

Your username should include the **@** symbol and the hostname of the service. For example

You can now use Jitsi to communicate through this Jabber/XMPP account.

2.2.4 Adding a SIP account to Jitsi

In this section, we recommend only a single Session Initiation Protocol (SIP) provider, ostel.co. Their servers are located in United States. There are many free SIP services online, but ostel.co appears to offer the most reliable support for end-to-end encryption through ZRTP.

Note: Jitsi is less stable when used for encrypted voice calls than it is when used for encrypted instant messaging. You may find that the Android mobile application CSipSimple is a more reliable way to use your ostel.co account for encrypted voice calls.

Creating a free SIP account on ostel.co

Unlike many Jabber/XMPP accounts, SIP accounts cannot be registered from within Jitsi itself. To create an ostel.co account, follow the steps below:

Once you have successfully registered with ostel.co, you can add your new SIP account to Jitsi by following the steps below.

Adding an existing SIP account to Jitsi

As shown in Figure 1 of the Add accounts to Jitsi section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below.

Step 1.ClickFile in Jitsi's menu bar and select[Add new account...] to choose the service or protocol you want to use.

Figure 1: Adding new accounts

Step 2.Select[SIP] from the Network list.

Figure 2: Selecting SIP

Step 3.Type your ostel.co username and passphrase.

Figure 3: Entering a username and password into the Add New Account screen

You can now use Jitsi for Voice-over-IP (VoIP) calls through the ostel.co SIP service. If you and those with whom you are communicating both have ostel.co accounts — and if you both configure your applications properly — your conversations will be end-to-end encrypted using the ZRTP protocol. To learn more about how to do this, see the section on Using Jitsi for secure voice and video calls.

2.3. Changing an account password in Jitsi

Many of the accounts you might use through Jitsi allow you to change your passphrase directly from the website of the service provider. However, some Jabber/XMPP and SIP accounts don't have a web interface through which you can manage and change your passphrase. For such accounts, you can change your passphrase by following the steps below.

Step 3.Click[Change account password] to choose a new passphrase for this account.

Figure 3: Changing an account passphrase in Jitsi

Step 4. Choose a new passphrase and type it into the Enter new password field.

Step 5.Type your new passphrase a second time in the Re-enter password field.

Step 6.Click[OK].

You have now successfully changed your account's password.

3. Strengthen Jitsi's security settings

3.1. Clearing and disabling your chat history

By default, Jitsi stores information about your incoming and outgoing voice calls and instant messaging conversations. You can access voice and video call history by clicking the clock icon near the upper right-hand corner of the main Jitsi window:

You can access instant messaging history by clicking on the hourglass icon in the chat window while chatting with a contact:

Figure 2: Accessing information about past text chats in Jitsi

Here you can choose to disable the storage of your chat history with that specific contact, or with all contacts in general.

Even if you encrypt your text chats with OTR, the content of those conversations will be stored unencrypted. The same information is collected and stored on the disk of those with whom you communicate.

Step 3.Select the [Advanced] tab, select[Logging] on the left, and uncheck the [Enable packet logging] box, as shown below:

Figure 3: Jitsi Options - Logging settings in the Advanced tab

These changes will take effect after you restart Jitsi.

3.1.2. Removing stored data about your past text and voice chats

After you have disabled chat logs, as described above, you should remove existing data about past text and voice chats. To do so, follow the steps below:

Step 1. Within an chat window, click the hourglass icon** to display the history menu.

Figure 1: Erasing all chat history in Jitsi

Step 2.Select[Erase all chat history in Jitsi].

You have now deleted all of your chat history in Jitsi.

3.2. Configure Jitsi to initiate private messaging automatically

We recommend that you configure Jitsi to establish encrypted instant messaging sessions whenever possible. To do so, follow the steps below:

Step 1.Select[Tools > Options] from the Jitsi menu bar.

Figure 1: Selecting Jitsi Options

Step 2.Select the [Security] tab, select its [Chat] sub-tab, then check the [Automatically initiate private messaging] box at the bottom of the screen, as shown below:

Figure 2: Jitsi Options - The Chat sub-tab of the Security tab

3.3. Setting a Master passphrase for Jitsi

We recommend that you don't allow Jitsi to remember the passphrases for your chat accounts. If you do, Jitsi's default settings will allow anyone with access to your computer to impersonate you or to obtain your account passphrases. But, if you do decide to allow Jitsi to remember those passphrases for you, it is important that you set a strong master password within Jitsi. Once you have set a master password, you will be asked to enter it whenever you launch Jitsi.

You can set a master password for Jitsi by following the steps below:

Step 1.Select[Tools > Options] from the Jitsi menu bar.

Figure 1: Selecting Jitsi Options

Step 2.Select the [Security] tab, select its [Passwords] sub-tab and check the [Use a master password] box to display the Master Password screen.

Figure 2: Jitsi Security Settings

Step 3.Choose a strong passphrase and type it into the Choose a new password box.

Figure 3: Entering a master password

Step 4.Type your new passphrase again in the Re-enter password box.

Step 5.Click[OK].

Jitsi should display: Master Password successfully set up.

Step 6.Click[OK] again.

Note: The [Change Master Password] button lets you change this master password and the [Saved Passwords...] button lets you access the list of passwords that Jitsi is remembering for you.

4. Encrypt your instant messages and voice calls

Once you have added at least one account to Jitsi, you can add your contacts and use Jitsi to communicate securely with them.

4.1. Adding contacts in Jitsi

You can add your contacts to Jitsi by following the steps below.

Step 1.Select[File > Add contact...] from the Jitsi menu bar.

Figure 1: Jitsi File Settings

Step 2.Select the account for which you would like to add this contact. In this section, we will add a contact for the siabinfo@jabber.ccc.de account.

Figure 2: Adding a contact on Jitsi

You can also add the contact to a group. You can create new groups by selecting [File > Create group...] from the Jitsi menu bar.

Step 3.Type the ID of your contact into the “ID or Number” field. In this section, we will add a Jabber/XMPP contact with the username siabinfo@jabber.ccc.de.

You can also choose a nickname for your contact, which will be visible in the main Jitsi contacts list. To do so, simply type a nickname into the Display name field.

Step 4.Click[Add].

You should now see this contact in your contact list (alongside a Waiting for authorisation message that will disappear if she accepts your invitation). If your contact is signed into Jitsi, she will see a window similar to the one below.

Figure 3: Accepting a contact in Jitsi

Step 5.Click[OK].

When you receive an invitation through Jitsi, you can choose one of the following options:

Ignore: in which case the contact who sent you the invitation will continue awaiting authorisation

Deny: in which case she will be notified that her invitation was rejected

Authorise: in which case she will be notified that her invitation was accepted. At this point, she will be able to initiate an instant messaging conversation with you

Figure 4: Initiating a chat with a contact in Jitsi

Once your contact has accepted your invitation, you can click on her name in the contact list and initiate a text or voice chat by clicking the appropriate icon under her name.

4.2. Using Jitsi for secure instant messaging

Off-the-Record (OTR) is a cryptographic protocol that provides end-to-end encryption for instant messaging. OTR prevents anyone other than the intended recipient from reading your messages. OTR also allows you and your contact to authenticate one other, which is essential for encryption to work properly. Authentication is done by establishing a "shared secret," by exchanging cryptographic fingerprints or by asking one another questions to which only the two of you know the answer. OTR also provides forward secrecy, which means that even if someone obtains the key used to encrypt one of your messages, he will not be able to decrypt past conversations that he may have recorded.

Jitsi supports OTR. You can enable it by following the steps below:

Step 1.Select[Tools > Options] from the Jitsi menu bar.

Figure 1: Selecting Jitsi Options

Step 2.Select the [Security] tab and its Chat sub-tab to generate an OTR key.

Figure 2: Jitsi Options - The chat sub-tab of the Security tab

Step 3.Click the [Generate] button and wait until you see your fingerprint appear.

Figure 3: Generating an OTR key in Jitsi

Jitsi will generate an encryption key for each account you have added. You should only need to do this again if you add a new account or if you install Jitsi on a new device.

Step 4.Select a contact from the main Jitsi window and click the send message icon (first from the left under the contact's name) to open a text chat window:

Figure 4: Sending an instant message to a contact in Jitsi

Step 5.Click the Start private conversation icon.

Figure 5: Encrypting an instant message to a contact in Jitsi

Note: The “Encrypt chat with OTR” icon (the open padlock in the upper right-hand side of the window) will let you know whether or not your conversation is encrypted.

Figure 6: Encrypted instant messages

The padlock is now closed. Messages you send to and receive from your contact are now encrypted. Note the warning that this is an Unverified private conversation. This is a reminder that you should authenticate this contact.

Step 6.Click the authenticate siabinfo@jabber.ccc.de link to open the Authenticate Buddy screen.

Figure 7: Authenticating a contact in Jitsi

Step 7.Select[Fingerprint authentication] as a method for verifying the identity of your contact.

This screen encourages you to use another channel (not this chat) to verify the OTR fingerprint you have for your contact. If you do this carefully, you can ensure that nobody is reading your messages and relaying them back and forth between you and your contact. It is a good idea to verify a contact's fingerprint in person or using a voice or video chat so as to prevent someone else from impersonating one of you.

Step 8.Select the [I have] option.

Step 9.Type the fingerprint your contact gives you (verbally, through another channel) into the box at the bottom of the screen.

Figure 8: Verifying a contact's fingerprint in Jitsi

Step 10.Click[Authenticate Buddy].

Figure 9: Authenticating a contact

You can now exchange OTR encrypted instant messages with this contact.

Figure 10: Encrypted and verified communications

This symbol verifies that you have established an encrypted and authenticated communications channel with your contact.

Figure 11: Encrypted instant messaging through Jitsi

Figure 12: Encrypted instant messaging through Jitsi

Note: You should go through this authentication process again if the triangle with the exclamation mark reappears over the padlock. It may be that your contact has moved to another device with another OTR encryption key or it may be that someone is trying to impersonate her.

4.3. Using Jitsi for secure voice and video calls

Jitsi supports voice and video calls. Voice calls can be encrypted using an open standard called ZRTP. You can initiate encrypted voice calls by following the steps below.

Step 1.Select a contact from the Jitsi contact list.

Step 2.Click the phone icon (second from the left under the contact's name) to initiate a voice call.

Figure 1: Establishing a voice call with Jitsi

Figure 2: Calling a contact on Jitsi

Step 3. When you or your contact accept a voice call, Jitsi will let you know when your connection is established. A red (open) padlock indicates that your call has not yet been encrypted.

Figure 3: Unencrypted connection with a contact

If Jitsi succeeds in establishing an encrypted voice connection between you and your contact, you will see the letters zrtp appear next to an orange (closed) padlock as shown below:

Figure 4: Establishing an encrypted voice call in Jitsi

If Jitsi fails to establish a ZRTP connection, you and your contact can still chat, but your conversation will not be encrypted. If this happens, you might want to disconnect, restart Jitsi and try again.

Step 4. Note the [Compare with partner] box under the orange padlock. Read these characters to your contact and confirm that she sees the same ones. If she does, it means that nobody is listening in to your conversation and relaying your messages back and forth between the two of you. You can then click[Confirm], which will turn the padlock green.

Figure 5: Authenticating an encrypted voice call in Jitsi

You will need to do this each time you place or receive an encrypted call using Jitsi.

Step 5. You can close the String compared! box by clicking the white [X] in the upper right-hand corner of the black box in the lower portion of the Jitsi window.